On 31 May 2019, at 11:12, Stefan Bauer wrote:
> thank you for your reply. You know, in real world, ips/ranges get blocked
> from time to time
Not be legitimate RBLs they don't unless you are actually sending spam. If more
IPs than just you mail server are getting blocked, then you probably
> On 31 May 2019, at 00:33, Bastian Blank
> wrote:
>
> On Fri, May 31, 2019 at 12:03:37AM -0600, @lbutlr wrote:
>> I am getting mail delivery status reports for every bcc email (that is,
>> every email, since I use a bcc map to create a backup of all the mail).
>
I am getting mail delivery status reports for every bcc email (that is, every
email, since I use a bcc map to create a backup of all the mail).
I've looked through all the postfix files for any instance of sendmail -v, and
have only found it as a comment in bounce.cf.default
> On 30 May 2019, at 07:37, Matus UHLAR - fantomas wrote:
>
> On 30.05.19 07:27, @lbutlr wrote:
>> On 30 May 2019, at 07:24, @lbutlr wrote:
>>> But can still be deleted at any time, just "less frequently than /tmp";
>>> certainly not a
On 30 May 2019, at 07:24, @lbutlr wrote:
> But can still be deleted at any time, just "less frequently than /tmp";
> certainly not a place to store necessary files. I don't see this anywhere for
> *BSD, thankfully, so I can safely ignore it.
Goops, forgot to past this:
On 30 May 2019, at 06:32, Matus UHLAR - fantomas wrote:
>> On 29 May 2019, at 08:52, Benny Pedersen wrote:
>>> /var/tmp must not be cleaned after boots, /tmp will be cleaned on boot
>
> On 30.05.19 04:44, @lbutlr wrote:
>> I've never heard that. Is that a real t
On 30 May 2019, at 02:39, Jos Chrispijn wrote:
> A friend advised me to run /postfix/update and it looks as if this did the
> trick. Part of that file contains:
>
> newaliases
> postalias hash:/etc/aliases
> postfix reload
> postfix flush
Wher
e did that come from? (It doesn't exist on my
On 29 May 2019, at 08:52, Benny Pedersen wrote:
> /var/tmp must not be cleaned after boots, /tmp will be cleaned on boot
I've never heard that. Is that a real thing or just your own 'rule'?
--
Lobotomy means never having to say you're sorry -- or anything else.
On 24 May 2019, at 12:52, Rafael Azevedo wrote:
>
> Hi there,
>
> I've done that by building a policy filter that bans those IPs using
> iptables whenever those trap accounts get reached.
Oh, well, that sounds lovely. Is it sharable?
(shouldn't be much iss ti adapt it to pf)
> It wasn't that
On 24 May 2019, at 11:23, Noel Jones wrote:
> On 5/24/2019 11:33 AM, @lbutlr wrote:
>> I have an active email address that only receives spam (it is an address
>> that wasn't used for years but I've recently reactive to see just how much
>> spam an unprotected decades ol
I have an active email address that only receives spam (it is an address that
wasn't used for years but I've recently reactive to see just how much spam an
unprotected decades old account that hasn't accepted mail since 2006 would get).
Anyway, what I would like to do is somehow blacklist any
On 21 May 2019, at 15:36, MRob wrote:
> Privacy problem is addressed with smtpd_recipient_limit=1 but thats not very
> feasible.
Are you sure?
I think even the big mailing-list services send individual messages now-a-days.
--
Good old Dame Fortune. You can _depend_ on her.
On 21 May 2019, at 15:07, @lbutlr wrote:
> May 21 14:52:32 mail postfix/local[63216]: 457nyS31Y4zdrvK:
> to=, orig_to=, relay=local,
> delay=0.39, delays=0.34/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to
> command: /usr/local/bin/procmail -t -a $EXTENSION)
>
> Ma
I may have asked this in the past, but ion so it's been longe enough I don't
remember and can't find it my mail archives.
Is there some way to modify what is logged from postfix/local and postfix/pipe
so that the "status=sent" lines include the from address as well as the to
address?
May 21
On 20 May 2019, at 01:42, Brent Clark wrote:
> My colleague has proposed that at smtp time, if a mail is deemed as spam, the
> server issues a reject code, but then to too accept the mail and forward the
> mail the user for incase its a false positive.
The odds of a mail scoring over 10.0 on
On 14 May 2019, at 21:35, Ron Wheeler wrote:
> If people knew how much of the email travels over the internet as a result of
> his work, he would be a tech star.
I really doubt he is interested in notoriety.
--
'You're your own worst enemy, Rincewind,' said the sword.
Rincewind looked up at
On 14 May 2019, at 13:15, @lbutlr wrote:
> On 14 May 2019, at 11:41, @lbutlr wrote:
>> Has anyone implemented geo based restrictions for postfix login connections,
>> or is this something that needs to be done in dovecot?
>
> This seemed to work pretty well
>
> pf
On 14 May 2019, at 11:41, @lbutlr wrote:
> Has anyone implemented geo based restrictions for postfix login connections,
> or is this something that needs to be done in dovecot?
This seemed to work pretty well
pfctl -t badguys -T add $(cat block.zone)
I can then flush and add when th
> On 14 May 2019, at 11:48, John Peach wrote:
>
> On 5/14/19 1:41 PM, @lbutlr wrote:
>> Has anyone implemented geo based restrictions for postfix login connections,
>> or is this something that needs to be done in dovecot?
>> I was thinking someway to add most
Has anyone implemented geo based restrictions for postfix login connections, or
is this something that needs to be done in dovecot?
I was thinking someway to add most of Asia and Eastern Europe to postscreen
checks would be useful?
--
"One of the great tragedies of life is the murder of a
On 9 May 2019, at 09:53, Viktor Dukhovni wrote:
> But in fact, my view is that bounces should always be headers-only,
> and if you're sending important content whose only copy is in the
> outbound message, which is "lost" if not delivered, then that's the
> problem, fix the sending software to
On 6 May 2019, at 11:22, lists wrote:
> It had been my experience that the firewall uses more resources that
> SSHGuard. Certainly it uses more memory.
But you do not have to use a firewall if that's an issue. /etc/hosts.allow is
always an option, and that block is practically free.
--
I
On 6 May 2019, at 06:33, Lefteris Tsintjelis wrote:
> On 6/5/2019 15:14, @lbutlr wrote:
>> On 6 May 2019, at 02:10, Lefteris Tsintjelis wrote:
>>> Fail2ban and equivalent log parsers are just too resource hungry,
>> No they aren't.
>
> Yes they are.
Not on my sup
On 6 May 2019, at 02:10, Lefteris Tsintjelis wrote:
> On 6/5/2019 9:42, @lbutlr wrote:
>> On 4 May 2019, at 15:52, Lefteris Tsintjelis wrote:
>>> Would be great to consider its future adoption and if possible to take it
>>> even further to interact with postscreen.
On 4 May 2019, at 15:52, Lefteris Tsintjelis wrote:
> Would be great to consider its future adoption and if possible to take it
> even further to interact with postscreen.
Why would this be a good thing for postfix to do?
There are already plenty of tools that generate block lists for the
On 28 Apr 2019, at 03:00, Allen Coates wrote:
> On 27/04/2019 23:21, @lbutlr wrote:
>>
>> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname,
>>reject_non_fqdn_helo_hostname, check_helo_access
>>pcre:/etc/postfix/helo_checks.pcre permit
On Apr 27, 2019, at 20:15, Noel Jones wrote:
>
> I still use the fqrdns.pcre too, and I can't remember the last false negative
> when it rejected good mail.
Thanks. That’s what I suspected, but confirmation is good to have.
--
This is my signature. There are many like it, but this one is
On Apr 27, 2019, at 21:13, Bill Cole
wrote:
>
> I keep permit_my_networks out of my postfix config entirely
Thanks. I keep meaning to look into doing that, but then I don’t seem to get
around to it.
My mail server isn’t on a LAN IP, so that doesn’t apply. I’ll keep looking at
logs to see if
On 27 Apr 2019, at 14:28, Bill Cole
wrote:
> On 27 Apr 2019, at 15:28, TG Servers wrote:
>
>> But you mean to keep reject_non_fqdn_helo_hostname and
>> reject_invalid_helo_hostname, right?
>
> Yes but as part of smtpd_helo_restrictions with a substantial
> check_helo_access map ahead of them
> On 27 Apr 2019, at 13:40, Bill Cole
> wrote:
>
> On 27 Apr 2019, at 15:23, @lbutlr wrote:
>
>> Do you still see connections from hotmail.com mail servers?
>
> That depends on what you mean by "hotmail.com mail servers."
> I see a lot of traffic f
I've had the following in my fqrdns.pcre checks for quite awhile:
/^ec2(-[12]?[0-9]{1,2}){4}\.compute-[0-9]\.amazonaws\.com$/ REJECT Generic -
Please relay via ISP (amazonaws.com)
And I have noticed that I frequently get a series of 50 or more connection
attempts from some aws server out
> On 27 Apr 2019, at 09:06, Matus UHLAR - fantomas wrote:
>
> On 27.04.19 09:04, @lbutlr wrote:
>> I am using postfix => spamass-milter => SpamAssassin and I get occasional
>> errors like these.
>>
>> spamd: handle_user (userdir) unable to find user:
I am using postfix => spamass-milter => SpamAssassin and I get occasional
errors like these.
spamd: handle_user (userdir) unable to find user: 'virtualuser'
For example, if I have a virtual user "john" who redirects to the local user
jsmith, I get that error with the username of "john" while
On 25 Apr 2019, at 17:56, Allen Coates wrote:
> I have been looking at the configuration parameter
> "reject_unknown_helo_hostname", with a view to using it to resist spam.
I don't think that's going to be helpful enough to make up for the legitimate
messages you will lose. Not all senders have
On 19 Apr 2019, at 23:04, Peter wrote:
> But this is just one example of where a header might be signed and then is
> later added or altered by the mailing list,
The only headers that mailing lists often alter are subject (though i think
that is dying off, hopefully) and the only
On 18 Apr 2019, at 13:15, ecsd wrote:
>
> The logs show that postfix examines the recipients before the milter is given
> the chance to see them.
> I have a milter that detects certain RCPT patterns harassing a domain name
> and will discard (not bounce) the mail,
> but that code cannot be
On 13 Apr 2019, at 00:57, Dominic Raferd wrote:
> I too find that hardenize complains about my STARTTLS without any details as
> to why. Like @lbutlr (and most of us) I offer STARTTLS on port 25 but not
> AUTH. However I see this message in my log after the test ran, I think
&g
> On 12 Apr 2019, at 10:42, micah anderson wrote:
>
> "@lbutlr" writes:
>
>> On 12 Apr 2019, at 08:46, micah anderson wrote:
>>> he site https://hardenize.com provides relatively decent Email reports,
>>> along with other reports. It checks a
On 12 Apr 2019, at 08:46, micah anderson wrote:
> he site https://hardenize.com provides relatively decent Email reports,
> along with other reports. It checks a number of things including certs,
> MTA-STS, TLS-RPT, DANE, SPF, DMARC, and then also TLS. These are all
> good checks and
On 5 Apr 2019, at 09:11, Viktor Dukhovni wrote:
> Note that you SHOULD NOT ultimately refuse email on SPF softfail,
> but greylisting would be OK, if you find it meets your needs.
Is grey listing still effective? I know when I stopped using it it was not
doing much of anything and I can't
On 2 Apr 2019, at 14:30, Esteban L wrote:
> The times are in seconds, so you'll need to calculate those times.
a month is 2629743 seconds. An hour, of course is 3600, but I prefer 86400
which is one day.
BTW, pi seconds is very close to 1 nano century.
--
<[TN]FBMachine> I got kicked out of
On 24 Mar 2019, at 09:32, Michael wrote:
> header CUST_DMARC_FAIL Authentication-Results =~ /mydomain\.com; dmarc=fail/
> score CUST_DMARC_FAIL 4.0
Have you checked this against your spam?
You're going to have a lot of problems with a score of 4.0, I expect.
--
"Some cause happiness wherever
On 22 Mar 2019, at 19:45, Bill Cole
wrote:
> Do not accept mail claiming to be from any address in a local domain on the
> port 25 (smtp) smtpd service. Only accept such mail via port 587 (submission)
> and 465 (smtps) services configured to require authentication.
And the way to do this is:
On 21 Mar 2019, at 06:50, Bill Cole
wrote:
> Requiring authentication to relay on *ANY* port is essential. Even if you do
> authentication by IP (e.g. permit_mynetworks) or other out-of-band
> mechanisms, failing to require authentication to relay will eventually lead
> to a system being
On 20 Mar 2019, at 15:40, Patrick Ben Koetter wrote:
> Or, if you use dovecot as storage, create a second dovecot instance and dsync
> messages from first to second instance.
This is a much better solution in terms of features and making that alternate
mailspool available. Mine is better in
On 20 Mar 2019, at 15:06, Homer Wilson Smith wrote:
>Pointers to RTFM
>
>Running Centos 7.x, latest postfix.
>
>What is the best way to keep a permanent store for
> incgoing e-mail. Doesn't have to be forever. 1 year perhaps.
I use recipient_bcc_maps
--
'The trouble with my
On 19 Mar 2019, at 13:00, Viktor Dukhovni wrote:
> Note that, perhaps unintentionally, the treatment of "message_size_limit
> = 0" is not documented to mean "no limit". Perhaps we should also
> address that.
By forbidding a setting of 0?
--
'They're the cream!' Rincewind sighed. 'Cohen,
On 18 Mar 2019, at 06:40, Otto Kekäläinen wrote:
> How can I configure Postfix so that _only_ malformed addresses are not
> delivered to the next SMTP host, while the rest of the recipients in
> the same email/To/CC/BCC are delivered as usual?
What you are asking for will deliver mail to people
On 17 Mar 2019, at 15:47, @lbutlr wrote:
> On 17 Mar 2019, at 05:40, li...@sbt.net.au wrote:
>> (both domains are valid, tld.com as well as tld.com.au)
>
> both are valid in your lookup table? Have you checked this with postman?
postmaP
(sorry, spelling correcting one wil
On 17 Mar 2019, at 05:40, li...@sbt.net.au wrote:
> (both domains are valid, tld.com as well as tld.com.au)
both are valid in your lookup table? Have you checked this with postman?
--
'There has to be enough light,' he panted, 'to see the darkness.'
Please stop sending this nonsense to the list.
> On 10 Mar 2019, at 17:21, Francesc Peñalvez wrote:
>
> *
> Este mensaje y todos los archivos adjuntos son confidenciales y de uso
> exclusivo por
> On 7 Mar 2019, at 20:52, Ozy Mate wrote:
>
> Dear Friends,
>
> I have signed up with a 3rd party smtp server as relay host. This server
> needs the following lines in the main.cf of our server instead of relayhost
> direction:
>
> smtp_sender_dependent_authentication = yes
>
On 05 Mar 2019, at 13:50, Mayhem wrote:
> I also have nginx/apache and sql running on the same dedicated machine,
There will use much more of your system that all of postfix, including your
dovecot (or whatever), and the DNS lookups are a minuscule portion of what
postfix does.
My very
On 05 Mar 2019, at 10:00, Dominic Raferd wrote:
> Fail2ban is (as you know) a way to tackle it.
At 1000 connections a day I don’t think fail2ban or sshguard or whatever is
going to save you anything at all.
Hundreds of thousands? Maybe?
--
Suddenly the animals look shiny and new
On 4 Mar 2019, at 02:55, Francesc Peñalvez wrote:
>
> Gmail has its ips stuck in almost all dnsbl spam and for that reason I do not
> receive any mail from gmail
Really? I've haven't found gmail servers to be in RBLs in a long time and
wouldn't use a RBL that listed gmail servers. What lists
On 01 Mar 2019, at 07:21, Thomas Seilund wrote:
> -- Once a day for each user I clear the bayes files and rebuild bayes files
> with:
You are removing the bases entries daily and rebuilding them based on a very
few (if any) messages in your LaernAs folders?
That’s the same as not using bayes
> On 1 Feb 2019, at 01:19, Eray Aslan wrote:
>
> Downgrading from postfix-3.4 fails with:
What exactly do you mean by "Downgrading? And how, exactly, did you attempt to
do this?
> 3.3.2/image//usr/share/man/man8/virtual.8...
> bin/postconf: fatal: invalid type field "unix-dgram" in
On 30 Jan 2019, at 16:26, Philip wrote:
> had this exact issue when I first started warming up the IP I was sending my
> company email from. Any email going to a Yahoo server you need to throttle
> heavily as if you try and send to much too quickly you will get your IP
> blocked.
I "solved"
On 24 Jan 2019, at 18:07, Viktor Dukhovni wrote:
> This may be especially important with submission, where various
> peripheral devices (fax-to-email, printers, ...) may only support
> TLSv1. So the "buster" system-wide default of TLSv1.2 and up may
> cause problems.
The least likely to be
On 21 Jan 2019, at 22:13, Viktor Dukhovni wrote:
> 12. The version numbering scheme for Berkeley DB changed from a
> five-part number to a three-part number of the form
> ... This release is numbered 18.1.x,
Do you know why the current version in FreeBSD ports is 6.2.32_1? (or the
On 12 Jan 2019, at 07:52, Nick Howitt wrote:
> Unfortunately I don't have access to the MX Backup service. It is provided by
> my DNS provider.
Honestly, you should not have an MX server outside of your control.
If your server is routinely down for several days, then you shouldn't be
running
On 20 Dec 2018, at 11:08, Viktor Dukhovni wrote:
> Viruses can come from any source.
OK, But I am pretty sure I’ve never seen a virus from mail chimp.
I don’t have a large enough load to worry about not scanning, but if I did the
first thing I would stop scanning is gmail incoming and the
On 20 Dec 2018, at 06:46, Kai Schaetzl wrote:
> Using Sorbs is dangerous, anyway, we abandoned it years ago. If you want
> to use it then use it in the way it is intended for weighted RBLs. e.g. do
> not use it as the sole source of blocking.
I keep parring down my list and am considering
On 18 Dec 2018, at 16:58, Viktor Dukhovni wrote:
> The solution is perhaps in part to throw some more CPU at the
> problem, but alternatively, assuming that mailchimp et. al.
> are not abusing reasonable concurrency limits, you can reduce
> the impedance mismatch by increasing the input latency,
> On 13 Dec 2018, at 20:05, Paul Schmehl wrote:
>
> --On December 13, 2018 at 9:00:06 PM +0100 Benny Pedersen
> wrote:
>
>> Paul Schmehl skrev den 2018-12-13 20:45:
>>
The user does not exist until "ls -l" is able to correctly identify
the
files as belonging to the user.
ersion of mail).
>
> On 04.12.18 13:47, @lbutlr wrote:
>> What do you base this statement on? I’ve been using Apple’s Meal.app since
>> around 2003 or so, and I’ve never had it encode everything as Internet
>> links more mess up plaintext mail.
>
> based on sender's
On 5 Dec 2018, at 07:34, Bill Cole
wrote:
> On 2 Dec 2018, at 20:31, James Brown wrote:
>
>> I’m trying to set up a new mail server on macOS Mojave and it almost works.
>> Dovecot for IMAP is working.
>
> This is a bad idea. Mojave (like High Sierra and Sierra before it) is unfit
> for
On Wed Dec 05 2018 05:24:33 Voytek said:
>
> so if I have 25 clients on a NATed LAN, that's my connection count limit,
> isn't it ?
No.
--
2+2=5 for sufficiently large values of 2.
On Mon Dec 03 2018 04:27:43 Matus UHLAR - fantomas
said:
>
> pleaase, get a decent MUA, not applemail that tries to encode everything as
> internet links (and messes up thge plaintext version of mail).
What do you base this statement on? I’ve been using Apple’s Meal.app since
around 2003
Trying to configure clamav-milter with postfix-current-3.4.20181105,5 under
FreeBSD 11.2-RELEASE, but I’ve missed something since no mail is actually
getting processed by ClamAV-milter, including the EICAR test mails which sail
through without triggering anything.
I’ve tried to provide
On 24 Nov 2018, at 14:37, Richard Damon wrote:
> If you might be using characters beyond an 8-bit character set, then UTF-8 is
> the best way to go.
If there is even the slightest possibility that you will be using characters
beyond the basic *7* bit character set, I would say that UTF-8 is
On 8 Nov 2018, at 01:18, Robert Chalmers wrote:
> Hi, I can see what the error message says . But I confess at this moment, I’m
> at a loss as to how to fix it?
> Where is it looking for this db?
Postix used Berkely db for hash tables (files end in .db) nosema,ly the virtual
file and the alias
On 01 Nov 2018, at 13:48, Alice Wonder wrote:
> Opportunistic TLS is a concept I do not like. DANE fixes the issues for
> system admins willing to implement DNSSEC and add a TLSA record but it seems
> many are not, so MTA-STS was invented.
>
> MTA-STS has the same flaw as opportunistic TLS. It
On 25 Oct 2018, at 05:11, Ralph Seichter wrote:
> Please don't try to spread your personal misjudgement as gospel,
It is not mine, but thanks for playing.
--
So now you know the words to our song, pretty soon you'll all be singing
along, when you're sad, when you're lonely and it all turns out
On Oct 25, 2018, at 15:04, @lbutlr wrote:
> Authentication port 25 is often simply opportunistic
Sorry. I meant to type encryption, not authentication.
--
This is my signature. There are many like it, but this one is mine.
On Oct 25, 2018, at 06:08, Thomas Bourdon wrote:
>
> My goal : All auth connections must be done with tlsv1.2 minimum. Others
> connections can be done with tlsv1.0 minimum.
This is fine. Authentication port 25 is often simply opportunistic and does not
imply identify, only securing the data
On Oct 24, 2018, at 09:19, Benny Pedersen wrote:
>
> do not disable tlsv1
I couldn’t disagree more. TLSv1.2 has been out for a decade and there is no
reason to be running v1 or v1.1. At all.
I’ve been running with TLSv1.2 only for over a year.
--
This is my signature. There are many like
On 04 Oct 2018, at 00:00, Tobi wrote:
> if your auth senders spoof from headers: block their login account and
> terminate their service
Nothing necessarily wrong with spoofing From:
noreply@ is a spoofed From:
>> we're running a small smtp send only service for authenticated users
>> only.
On 21 Sep 2018, at 10:07, Stephen Carville wrote:
> Add a procmail recipe
One of these days, and a joyous day it will be, someone is going to take up the
mantle of procmail maintainer and rewrite it to be modern, fast, and stable, No
no, I hear your protests, but it's going to happen. Someday.
On 06 Sep 2018, at 12:19, Luc Pardon wrote:
> However, although symlinks inside the Postfix dirs were not needed in
> the past, that has changed by now. They have become necessary because
> OpenSSL needs them to find its certificates, so we can't just tell the
> admin to get rid of them.
The way
> On 13 Aug 2018, at 06:28, Bastian Blank
> wrote:
>
> On Mon, Aug 13, 2018 at 05:19:18AM -0600, @lbutlr wrote:
>> On 12 Aug 2018, at 17:29, Stuart Longland wrote:
>>> We have a problem where some smart-arse spammers/phishers are spoofing
>>> the
On 12 Aug 2018, at 17:29, Stuart Longland wrote:
> We have a problem where some smart-arse spammers/phishers are spoofing
> the From address, specifying our domain as their from address. In one
> case, the person in question uses my personal address in the From, To
> and Return-Path. In others,
On 07 Aug 2018, at 04:53, Wietse Venema wrote:
> Maybe some Procmail rule can do all this. I don't use Procmail.
You can, with enough staples and duct tape, do *anything* in procmail.
However, it is old, krufty, not under development<1>, has several bugs, doesn’t
understand mime, and I don’t
On 07 Aug 2018, at 04:49, Luc Pardon wrote:
> but in any case it serves no useful purpose (unlike greylisting, SAV, etc.
Are people still finding grey listing to be useful? I found it caused far more
problems than it solved and the endless game of scanning logs for sites like
Amazon that
On 1 Aug 2018, at 11:59, Viktor Dukhovni wrote:
>> status=deferred (TLS is required, but was not offered by host
>
> Here, the "level" is "none". The remote site did not support STARTTLS.
Ah. Yes, that makes sense, it just didn't occur to me a server in 2018 would do
that, I figured it just
When connecting to a server that does not offer TLS (or the right level) does
postfix log (or can it) the level of security that was offered?
status=deferred (TLS is required, but was not offered by host
(I get very few of these (two servers in the last week), but I'd like to be
able to tell
On 24 Jul 2018, at 11:31, Software Information
wrote:
> Recently though, auditors made a deal that the server is an open relay.
Based on the rest of this thread, it sounds very much like the auditors are
incompetent. I mean, not knowing what an open relay is is concerning.
On 28 Jun 2018, at 16:10, li...@mbchandler.net wrote:
> I agree about the nameserver, but unfortunately I don't have a choice. I'm
> required to use this one.
Explain to the non-technical person mandating this, possibly using very small
words, why the will result in lost mail. Your initial post
On Jun 26, 2018, at 09:10, Viktor Dukhovni wrote:
> No, it works substantially better in check_sender_access, and very poorly
> in header_checks.
It works very well for me, and has for years.
--
This is my signature. There are many like it, but this one is mine.
On 25 Jun 2018, at 14:45, Alex wrote:
> I have a check_sender_access restriction that blocks many TLDs like
> .red and .space. Problem is that we have one legitimate .red customer
> (what was he thinking?) that needs to send us mail. How can I allow
> this single domain?
I use header checks:
On 18 Jun 2018, at 12:08, Wietse Venema wrote:
> Wuetse
Ah, Mondays!
--
Is it my imagination, or do buffalo wings taste like chicken?
On 5 Jun 2018, at 02:22, Matus UHLAR - fantomas wrote:
> in postyfix queue each mail does have its unique ID. However, when pushed
> through any kind of content filter, the ID changes.
> Also, when mail gets forwarded, the ID changes.
A new ID will be ADDED, but the original one remains in the
On 4 Jun 2018, at 14:34, Greg Strange wrote:
> I am trying to track a single email throughout the entire postfix process.
> The idea is that when a customer calls us and says that a certain email never
> reached them, we can quickly trace the email through the logs and see that it
> died due
On 03 Jun 2018, at 16:08, Proxy wrote:
> I'm confident that CentOS security team does a good job providing latest
> security patches RedHat releases including those related to Postfix.
Are you under the impression that CentOS is writing security patches for
obsolete and unsupported versions
On 29 May 2018, at 11:57, Viktor Dukhovni wrote:
> The collation rules for "en_US" are abominable. I always set:
>
> LC_CTYPE=en_US.UTF-8 LANG=C
Yep, strongly agree with this. I foolishly had LANG=en_US some time back
thinking it was sensible. It is not. Everything breaks.
On 2018-05-29 (02:35 MDT), Dirk Stöcker wrote:
>
> Do you maybe also have a command to show only changed parameters?
This is doable, but it takes a bit more processing than a single line.
Basically, a shell script that parses the output of
join <(postconf -n) <(postconf -d | sed
On 2018-05-28 (11:26 MDT), Viktor Dukhovni wrote:
>
> join <(postconf -n) <(postconf -d | sed 's/=/(default:/; s/$/)/')
That's nifty!
--
"you'd think you could trust a horde of hungarian barbarians"
On 26 May 2018, at 23:27, Voytek wrote:
> On Sun, May 27, 2018 3:22 am, /dev/rob0 wrote:
>
>> The obvious solution, if dnsbl.spfbl.net is blocking real mail, is to
>> stop using that list, or possibly to lower its score below your [unstated]
>> threshold score.
>
> Thanks for
On 26 May 2018, at 12:59, Benny Pedersen wrote:
> just kidding, i would like to see main.cf smaller, so postconf -n gives more
> settings as default from -d
>
> as it is now setting is more or less random default from main.cf
>
> keep main.cf minimal is good sense
I’m not sure
On 2018-05-26 (10:59 MDT), /dev/rob0 wrote:
> Perhaps this could be reworded to be less confusing? Since "-d"
> doesn't look at main.cf, s/main.cf/"Postfix internal"/?
I dunno, I think "Print main.cf default parameter settings instead of actual
settings." is very clear.
--
301 - 400 of 686 matches
Mail list logo